SAN ANTONIO, March 16, 2009 /PRNewswire via COMTEX/ -- SafeMashups Inc., an
application authentication pioneer, today announced the launch of the first
trust infrastructure for mashups. The core of its offering is the breakthrough
MashSSL(TM) standard, which, based on the proven cryptography of SSL, enables
applications to mutually authenticate each other before "mashing up". The
MashSSL Web Toolkit(TM) enables developers to easily integrate MashSSL into any
application, and the SafeMashups Community Service(TM) provides a free, online
authorization service. Currently a part of The University of Texas at San
Antonio's (UTSA) Institute for Cyber Security's Incubator program, the
SafeMashups offering was developed by leading UTSA researchers to help solve the
trust and credential management challenges hindering widespread deployment of
consumer and business-oriented mashup applications.
Writing in his Blue Ocean blog (http://blogs.verisign.com/innovation), security
industry thought leader Nico Popp, Vice President of Innovation at VeriSign
Inc., says "Because Web 2.0 protocols such as OAuth require a shared secret,
MashSSL uses the SSL handshake and the issued SSL certificate as a secure method
to establish a shared secret between the masher and the mashee. This approach
allows SafeMashups to layer SSL and certificates on top of the Web 2.0 protocols
without requiring any change to these protocols. Brilliant!"
Gartner Inc. listed enterprise mashups among the "Top Ten Strategic Technologies
for 2009" and advised enterprises to "investigate this growing space for the
significant and transformational potential it may offer their enterprises".
However, there are significant security issues associated with mashups - a
recent KPMG survey of 472 executives titled "Enterprise 2.0, The Benefits and
Challenges of Adoption" found that half of them viewed security problems as a
limiting factor in the uptake of Web 2.0-type tools in the enterprise.
Mashup Application Identity - The Problem:
Many new mashup protocols and technologies like OpenAJAX, OAuth, OpenID and
cross domain XHR recommend using SSL to secure communications between the
browser and the web application. However, since mashup applications reside on
both sides of the browser, the only way for trust to be established is for the
applications to authenticate each other through the browser. Because SSL is
a two-party, transport-level protocol between the browser and the web
application, it cannot be used directly for this purpose. As a result, mashup
participants are often forced to come up with proprietary cryptographic
methods, which carry the burden of obtaining and managing additional
credentials and introduce significant complexity.
The MashSSL Protocol - How it Works
"We could have started from scratch and created a new cryptographic protocol",
said Ravi Ganesan, Research Professor at UTSA and CEO of SafeMashups Inc.
"However, it takes years if not decades for all the kinks to be worked out in
new cryptography. SSL has been through that wringer and everyone trusts it.
Further, it has the advantage of a ready made trust infrastructure in the form
of SSL certificates and Certificate Authorities. So we decided to start with
SSL, and look forward to working with thought leaders to make MashSSL a
ubiquitous standard."
SafeMashups' breakthrough MashSSL protocol allows web applications mashing
through a browser to securely identify each other even in the presence of
potentially untrusted intermediaries such as various forms of man-in-the-middle
(MITM) attacks, or malicious users. The key innovations of MashSSL were to use
innovative cryptography to make SSL a multi-party protocol and to run the
protocol at the application level. Further, the standard has been designed to be
implemented in a simple RESTful fashion, which optimizes web application
interactions and is the architecture of choice for many modern web applications.
The SafeMashups Product Offering - How it Works
The SafeMashups offering consists of two components, the MashSSL Web Toolkit and
the SafeMashups Community service. Web applications mashing through a browser
use the MashSSL Web Toolkit in conjunction with their existing SSL certificates
to authenticate each other and establish a secure channel for communication.
There is no change required to the browser, no client downloads, and the process
is invisible to the user. Enterprises that want to integrate the MashSSL Web
Toolkit into their web applications can obtain it under a perpetual, royalty-free
license from www.safemashups.com.
SafeMashups is also launching the SafeMashups Community Service which provides a
free online service for entities to maintain lists of partners and applications
they are willing to mash with. "I like to think of the SafeMashups Community
Service as a type of social network for businesses," said Trell Rohovit, Chief
Executive Officer of Venafi, the Company that pioneered SSL certificate
management and is a SafeMashups partner. "Research indicates there are over
three million SSL certificates out there. MashSSL helps you identify the web
application at the other end, and the SafeMashups Community Service lets you
decide which of those three million you want to mash with."
SafeMashups currently remains under incubation at the Institute for Cyber
Security at UTSA and is considering spinning out with external funding for
accelerated growth by the end of the year.
About SafeMashups
SafeMashups Inc. is a San Antonio, Texas, based application authentication
pioneer, and is currently under incubation at the Institute for Cyber Security
at The University of Texas at San Antonio. It developed the MashSSL protocol
which provides a standardized way for web applications to securely identify each
other when mashing through a potentially untrusted browser. The MashSSL protocol
is based on innovations developed by SafeMashups CEO and UTSA Research Professor
Ravi Ganesan. Ganesan previously founded TriCipher Inc. in 2000, and as CEO led
that company to become an industry leading provider of FFIEC compliant
multifactor authentication solutions by mid-2006. Previously, he served as Vice
Chair and CTO of CheckFree Corporation and prior to that, as Vice President of
Distributed Operations at Verizon Communications. SafeMashups' free MashSSL Web
Toolkit and the free SafeMashups Community service offering provide a
comprehensive trust infrastructure for mashup applications. For more information
on SafeMashups, please visit www.safemashups.com.
About the Institute for Cyber Security at the University of Texas at San Antonio
The Institute for Cyber Security has a mission of world class research, with
commercialization. Founded in June 2007 and funded in part by the State of
Texas's Emerging Technology Fund, the Institute is led by world renowned scholar
Dr. Ravi Sandhu and is staffed by leading researchers and senior software
architects who are immersed in emerging Internet security issues. The Institute
consists of three units: ICS Labs, a nationally reputed center for academic
research, ICS Incubator which has been established with a mission to make San
Antonio a fertile breeding ground for security companies, and the ICS Center for
Infrastructure Assurance and Security (CIAS), which leverages San Antonio's IAS
skills as part of the solution to the nation's homeland security needs.
About UTSA
The University of Texas at San Antonio is one of the fastest growing higher
education institutions in Texas and the second largest of nine academic
universities and six health institutions in the UT System. As a multicultural
institution of access and excellence, UTSA aims to be a premier public research
university providing access to educational excellence and preparing citizen
leaders for the global environment. UTSA serves more than 28,400 students in 64
bachelor's, 46 master's and 21 doctoral degree programs in the colleges of
Architecture, Business, Education and Human Development, Engineering, Honors,
Liberal and Fine Arts, Public Policy, Sciences and Graduate School. Founded in
1969, UTSA is an intellectual and creative resource center and a socioeconomic
development catalyst for Texas and beyond.
SOURCE SafeMashups Inc.
URL: http://blogs.verisign.com/innovation
http://www.lookingglasspr.com
http://www.safemashups.com
Erhan J. Kartaltepe
erhan.kartaltepe-at-utsa.edu